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WO 98/41913 PCT/US98/05316 

METHOD AND SYSTEM FOR CONTENT FILTERING INFORMATION RETRIEVED FROM AN INTERNET COMPUTER 
NETWORK 

SPECIFICATION 
FIELD OF THE INVENTION 
This invention relates generally to a method 
and system for f iltering Internet con tent, and more 
5 particularly to a method and system for allowing an 

Internet Service Provider ("ISP") to p erform user - ^ 
customizable content filter ing of information retrieved 
from the Internet. 

10 BACKGROUND OF THE PRESENT INVENTION 

The Internet contains a wealth of information 
for consumers, students and businesses. Users gener- 
ally access this information through software known as 
a "browser, " such as the Netscape Navigator™ or the 

15 Microsoft Explorer™. Browsers allow an end-user to 

access "web sites," which contain content typically in 
the form of HTML files. The browser software inter- 
prets the HTML data and provides the user with graphi- 
cal images, textual data, audio sound or other forms of 

20 output. Other software utilities for accessing In- 

ternet content include News Groups, FTPs, IRC chat 
rooms and e-mail. Additionally, other traditional 
programs, such as games and database or spread-sheet 
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programs, may also be programmed to directly access 
Internet content. 

Many enti ties have found a need to block 
access to some web sites for certain end-users. For 
example, corporations may wish to allow their employees 
to access technical or business sites but not enter- 
tainment oriented sites, while families may wish to 
prevent access to sexually explicit or other objection- 
able information. Indeed, even advocates of free and 
open speech on the Internet have recognized the need 
for technology which allows for individualized self- 
censorship of the content of information received as a 
means to avoid government censorship of the content 
which is posted on the Internet. 

Software developers have attempted to allow 
some control over the content of information received 
on end-user machines ("clients") by filtering the 
information available. Several mechanisms for filter- 
ing are available: exclusive filtering ("black-list- 
ing") which prevents access to all sites on a predeter- 
mined list of Internet sites; inclusive filtering 
("white- listing") which allows access only to a 
predetermined list of Internet sites; and word- scr een- 
ing or phrase -screenin g which prevents access to web 
site "pages" which contain any word or phrase on a 
predetermined list. Other methods of filtering include 
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blocking access to "newsgroups" open discussion 
areas that allow users to easily interact and post 
content. Another filtering method is the Platform for 
Internet Content Selection (PICS) standard which allows 
individual Internet content providers to self -label 
their content according to standard criteria. PICS 
also allows for third party labeling of sites. 

Initial attempts at Internet content control 
implemented the filter function on the local (client) 
machine. Figure 8 shows a typical prior art configura- ' 
tion, implementing inclusive or exclusive filtering 
where the client personal computer 500 stores a data- 
base 501 of allowed (inclusive) or disallowed (exclu- 
sive) Internet sites. Client 500 is connected through 
an asynchronous dial-up line 502 to the Internet Ser- 
vice Provider ("ISP") server 503. The ISP server 503 
is typically connected via a high speed connection 504 
such as a T-l, T-3 or greater, to the global Internet 
505. There are several disadvantages with this single- 
user configuration. First, it is subject to be modi- 
fied or thwarted by a computer literate end-user, such 
as a teenager or corporate employee. Second, in either 
the home, school or corporate environment, it is diffi- 
cult and time consuming to install on every end- user's 
client machine. Third, this configuration is dependent 
upon individual end-user hardware and operating systems 
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and requires modified software for different end-user 
platforms. Finally, the client database 501 must be 
updated frequently to track changes in the content of 
various Internet sites. This requires frequent down- 
loads from the Internet or disk updates. 

A variation of the single-user configuration 
of Figure 8 is shown in Figure 9. In this lgcaj ^serv - 
er^based configuratio n, a plurality of client computers 
520, running any of a number of platforms such as Win- 
dows™, MacOS™ or Unix,™ are coupled to a local area 
network 521. The local area network 521 is connected 
to the ISP server 523 through a local server 522 and a 
dial-up or fixed connection 524. End-user requests for 
Internet content are f altered by the local server 5 22 . 
The local server 522 accesses its stored database 525 
and utilizes a single set of filtering criteria for all 
of the end-users of the client computers 520. This is 
disadvantageous because a single set of filtering 
criteria is often not appropriate for all of the end- 
users. While this local server configuration makes it 
far more difficult for a computer literate end-user to 
modify or thwart the system, it suffers from many of 
the disadvantages of the single-user configuration in 
that it requires time-consuming local service to initi- 
ate and maintain the system on the local server 522. 
Many organizations do not have the resources and exper- 
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10 



15 



20 



tise to install and maintain such a system. Further, 
while this configuration can often be used with a 
variety of end-user platforms, software implementing 
the filtering functions is typically tied to a single 
local area network or a local server platform. 

Additionally, some service providers, such as 
Amerj£a^^lin&, have used a third "server -bas ed" 
configuration where the fi ltering function is perfor med 
at the remotej server site. To the inventors 1 knowl- 
edge, however, each of the existing systems implement- 
ing this server-based configuration utilize a single 
set of filtering criteria for all of their controlled- 
access end-users. Thus, while this system solves some 
of the problems associated with the local server 
configuration above, it still suffers from the fact 
that a single set of filtering criteria is not appro- 
priate for all end-users. Accordingly, there exists a 
need for a remote ISP server based method and system 
for filtering Internet content received by controlled 
access subscribers on an individually customizable ^ 
basis^ 



25 



SUMMARY OF THE INVENTION 
The object of the present invention is to 
overcome these and other disadvantages of the prior art 
systems by providing individual end-user customizable 
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access control filtering and data storage on the ISP 
server. These objectives include providing, an Internet 
access system which: requires no special or propri- 
etary software to be installed at the user's site, such 
as on an end-user (client) computer or a local server; 
will work: with any user hardware or operating system 
platform or local-area networks; allows users to select 
filtering sc hemes , such as inclusive or exclusive 
filtering, and filtering elements, such as ISP provided 
inclusive- lists or exclusive- lists, or their own cus- 



0 



tomiz ed inclusive-lists or excl us i ve -l ists; and is 
difficult to tamper with or circumvent. 

The method and system of the present inven- 
tion includes an ISP server which executes or inter- 
15 prets software incorporating one or more filtering 

schemes and accesses databases including any filtering 
elements required by the filtering schem e . Individual 
end-user accounts are matched b y the ISP server to the 
filtering scheme and the individualized set of database 
fil tering elements associ ated with the end-user ac- 
count. For example, a controlled access end-user 
account may be matched to an exclusive- list filtering 
scheme and a database of restricted sites. Alterna- 
tively, the controlled access end-user account may be 
25 matched to word- screening or phrase -screening filter 

and a database of restricted words or phrases and 
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context rules. In a preferred embodiment of the pres- 
ent invention, the ISP server further includes end-user 
databases containing additional sets of filtering ele- 
ments for further customizing the filtering scheme. 
While the ISP server preferably accesses the filtering 
schemes and filtering elements directly from main 
memory or local storage, the filtering schemes and fil- 
tering elements may, alternatively, be located remotely 
on other servers, or ISP servers, and be accessed 
through the Internet or a separate computer network 
connecting the ISP server to the data. 

BRIE? DESCRIPTION OF THE DRAWINGS 
For a more complete understanding of the 
present invention, reference is made to the following 
Detailed Description taken in connection with the 
accompanying drawings in which: 

Figure 1 is single -user configuration embody- 
ing the present invention; 

Figure 2 is a multiple-user local are a net- 
work based configuration embodying the present inven- 
tion; 

Figure 3 is a flow diagram showing the ISP 
server's process for processing an Internet log-in re- 
quest ; 
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Figure 4 is a flow diagram showing the In- 
ternet accessprocess for a contro lled access sub- 
scriber; 

y^~— — — — 

Figure 5 is a flow diagram showing the ISP 
server's process for servicing an Internet access re- 
quest; 

Figure 6 is a flow diagram showing a pre- 
ferred filtering scheme of the present invention; 

Figure 7 shows a distributed implementation 
of the present invention in which filtering schemes and 
filtering elements may be distributed across a network; 

Figure 8 shows a p rior a rt single-user 
configuration; and 

Figure 9 shows a prior_art local area network 
configuration. 

DETAILED DESCRIPTION 

Preferred embodiments of the present inven- 
tion will now be described with continued reference to 
the drawings. 

Figures 1 and 2 show single-user and multi- 
ple-user local area network configurations, respective- 
ly, embodying the present invention. In the single- 
user configuration, local client 10 is connected to the 
ISP server 100. The connection 20 is typically a dial- 
up asynchronous telephone line, but may be any of a 

8 
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number of known means, such as a cable connection or a 
continuous direct connection. 

In the multiple-user local area network a 
plurality of clients, shown as 11 , 12 and 13 on Figure 
2, are coupled to a local server 15 through local area 
network 16. The clients, 11, 12 and 13 as shown, may 
be using any of a number of platforms such as the 
Windows™, MacOS™, or Unix™ operating systems. The 
clients communicate with the ISP server 100 through 
local server 15 and connection 20. In this embodiment, 
connection 20 is preferred to be a continuous direct 
connection. 

The ISP server 100 typically provides a 
plurality of end-users, or subscribers, with access to 
the Internet 110. The ISP server 100 is coupled to the 
Internet 110, preferably through a high speed connec- 
tion 101, such as a T-3 line. Communications across 
the Internet 110 and ISP servers is through the Trans- 
mission Control Protocol/Internet Protocol (TCP/IP) . 
Preferably, the clients, 10 on Figure l and 11, 12 and 
13 on Figure 2, also communicate with ISP server 100 
using the TCP/IP protocol, although other proprietary 
or public protocols may also be supported. 

The ISP server 100 typically includes at 
least one filter scheme 121, stored in main memory or 
other storage, and a database 120 of a plurality of 
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$ S ^-2i^iiH£Ei25_eleo^^ : 
Sad^sers. The filtering scheme may consist of any 
type of code which may be "executed,.- including object 
codes, interpreted code, such as Java™ or JavaScript™, 
other high-level code, or combinations thereof. The 
filtering scheme may be customized by combining por- 
tions of other filtering schemes, such as through a 
high-level language or visual editor. 

The embodiment described below utilizes a 
single filtering scheme shown in Figure 6 and sets of 
filtering elements consisting of a master _inclusiv e- 
Ij^Lan^pers ona^ inclusive- list a nd a personal 
jxclusiye^t. Accordingly, in the embodiment de- 
SCribed ' e ^LContro ngd_acce SS end-u sg^wil l be asso - 
ciatgdwith a [Set] of g Uteringel^^ 



master_inclusive-Ust and a^grsonaj^i nclusive- li st and 
apersonal exclusive-list. However, it will be obvious 
to one of ordinary skill in the art that the filter ing „ 

brids thereof . The types of sets of filter elements 
will also be different depending on the filtering 
scheme. Thus, when using a word- screening type filter- 
ing scheme, the sets of filtering elements may consist 
of master lists of disallowed words or phrases together 
with individual words, phrases or rules. 



10 
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Figure 3 shows the ISP server 100 process for 
accepting a log- in request 200, the ISP server 100 
first verifies 201 whether the user is a registered 
subscriber. Invalid users are sent a rejection notice 
202. The ISP server 100 then determines 203 whether 
the end-user is a c ontr olled access subscriber. If 
( not, the connection is marked 204 as an open acce ss 
connection . If the end-user is a controlled access, 
subscriber, the l og- in process identifies the filte ring 
scheme 205 and the filtering elements 206 associated 
with the end-user . The connection is marked 207 as a 
controlled access connection. The ISP server 100 may 
utilize a single filtering scheme for all controlled 
access users, in which case, individualized customiz- 
ation is achieved solely through the individualization 
allowed by modifying the filtering elements. 

Figures 4 and 5 show the flow of the Internet 
access process which is executed when a logged- in sub- 
scriber sends a request to the ISP server 100 for 
Internet access. 

The Internet access request process begins 
when an end-user at a client computer (25 in Figure 4) 
sends a request to the ISP server 100 for a web page or 
other Internet service, such as an FTP request. Typi- 
cally, these requests are sent from the client 25 by an 

11 
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end-user utilizing a browser. In the preferred' embodi- 
ment, the request is in the TCP/IP format. 

As seen in Figure 5, ISP server 100 receives 
an Internet access request 220 from client 25. ISP 
server 100 determines 221 whether this request is from 
a controlled access subscriber or an open access sub- 
scriber. If the request is from an open access 
subscriber, the request is processed 222 and forwarded 
to the Internet 110 in the traditional manner. 

If the Internet access request is from a con- 
trolled access subscriber, the ISP server 100 imple- 
me nts 223 the filtering scheme associated with the end- 
user utilizing the cust omized filtering elements also 
associated with the user from the ISP database 120. 
The ISP server 100 determines 224 whether the filtering 
scheme authorizes the request. If the request is 
authorized, it is processed 222 and forwarded to the 
Internet, if not, the ISP server 100 provides the end- 
user with a rejection notice 225. 

For certain filtering schemes, such as word- 
screening or phrase- screening schemes, the end-user 
Internet access re quest may be partially pr ocessed 
while _the ISP server 100 monitors the content for 
cer tain words or phrases . The ISP server 100 maintains 
a table of logged- in end-users associated with this 
type of filtering scheme. Internet access requests for 

12 
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such end-users are forwarded directly to the Internet 
110. The ISP server 100 then monitors all data packets 
to determine which will be forwarded to users on this 
table. If a packet is being sent to such a user, the 
5 ISP server 100 screens the packet based on the specific 

filtering scheme and filtering elements. For certain 
schemes or elements, multiple data packets may have to 
be buffered. If the data packet or packets trigger the 
filtering scheme, such as by containing specific words 
10 or phrases, the transmission to the user may be termi- 

nated. The sending site may be put on a list of ex- 
cluded sites used in a hybrid exclusive- list word- 
parsing scheme. 

In the preferred embodiment, the ISP server 
15 100 provides a user- friendly HTML message denying the 

Internet access request when appropriate. This message 
may contain a statement of a client corporation's "ac- 
ceptable use policy" if the end-user subscriber is 
associated with a corporation. 
20 The preferred embodiment further includes a 

privileged class of controlled access users. These 
privileged users are typically parents , in the case of 
^ family accounts ; teacher s , for educational accounts ; 

and corporation administrators, for corporate accounts. 
25 The p rivilege d_u sers are responsible for selecting the 

f iJ 1 tering scheme and filtering elements which are 



13 



SUBSTITUTE SHEET (RULE 26) 



3/14/2006. EAST Version: 2.0.3.0 



» 



WO 98/41913 



PCT/US98/0S316 



10. 



15 



20 



25 



associated with ^ontroU ed^access end-user accounts 
under the privileged user's control . The filtering 
scheme may be_ selected from a fixed set of options, or 
may be f urther customized b y allowing the privileged 
use^X ^ select and combine elements , such as through a 
graphical user interface from a n umber of existing f il- 
tering schemes. 

When a request by a privileged user is de- 
nied, the user receives a special denial message which 
allows the privilege d user to override the denial. 
Alternatively, the privileged user is allowed to modif y 
the filt ering s chemes and filtering elements (such as 
exclusive-list sites) associated with the privileged 
user and controlled-access end-users controlled by the 
privileged user. 

Figure 6 shows a preferred ISP server filter- 
ing scheme comprising a hybrid master inclusive- list 
combined with personal exclusive and inclusive lists. 
ISP server 100 receives 250 Internet access requests 
and determines 251 whether the end-user is a controlled 
access subscriber. If not, the request is forwarded to 
the Internet 110 and processed 252. If the request is 
from a controlled access subscriber, the ISP server 100 
parses the request 257 and determines 253 whether the 
requested site is on a master inclusive- list of allowed 
sites. In the TCP/IP protocol, each Internet access 
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request or "packet" includes the address of the 
destination computer from which content is requested. 
Thus, the parsing routine simply examines this destina- 
tion address and compares it to the address list. The 
master inclusive- list may be supplied by the ISP or 
third-party list suppliers < If the site is on the 
master inclusive- list , the ISP server then checks 254 
the site against the subscriber's personal exclusive- 
list. Alternatively, if the site is not on the master 
inclusive-list, it is checked 255 against the sub- 
scriber's personal inclusive-list. If the site is 
either (i) on the master inclusive- list and not on the 
personal exclusive-list; or (ii) on the personal inclu- 
sive-list, the request is processed 252 and forwarded 
to the Internet. If not, the request is denied 256 
with an HTML message as noted above. The set of 
filtering elements associated with each end-user ac- 
count for this preferred embodiment therefore comprise 
the master inclusive- list and the personal exclusive- 
list and personal inclusive- list . Any of those lists, 
as well as any of the other sets of filtering elements 
described herein, may be optionally set to be empty 
lists or sets. 

Figure 7 shows a distributed implementation 
of the present invention. Local client 310 may access 
ISP server 300 through a dial-up, or other connection 

15 
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20. Alternatively, clients may be connected through a 
j local server as shown in Figure 2. ISP server 300 is 
coupled to the Internet 110 through a high-speed con- 
nection 101. The filtering scheme 321 and sets of 
filtering elements 320 are stored locally to another 
server 304 either in main memory or secondary storage 
such as disk storage on the line. Alternatively, the 
filtering scheme 321 and filtering elements 320 may be 
stored on separate servers, such as 300, 304 or 301. 
Server 304 may be coupled through a connection 305 to 
the Internet 110 thereby allowing ISP server 300 to 
access server 304 through an Internet connection. 
Alternatively, ISP server 300 and server 304 may be 
coupled directly or through a separate computer network 
(not shown) . ISP server 300 simply queries server 304 
for the user's status as a controlled access user and 
the user's filtering scheme and set of filtering ele- 
ments, if any. Alternatively, ISP server 300 may 
forward the local client 310 Internet access requests 
to server 304 for processing. This distributed archi- 
tecture allows an end -user, who might normally use 
local client 325 to dials-up server 304, to access the 
Internet 110 through different local clients, 310 and 
311 as shown on Figure 7, and Internet points -of -pres- 
ence, such as through ISP server 300 and 301 as shown 
in Figure 7, provided by the Internet Service Provider, 

SUBSTITUTE SHEET (RULE 26) 

"3/14/9006. FAST VprQinn* 9 0^0 



WO 98/41913 



PCT/US98/05316 



while maintaining the user's customized content fil- 
tering. Thus, for example, corporation users could use 
the same ISP while traveling away from the office. 

It is understood that various other modifica- 
tions will be apparent to and can be readily made by 
those skilled in the art without departing from the 
scope and spirit of the present invention. For in- 
stance, the f iltering scheme may be based on an y of a 
plurality of filtering techniques, such as phrase and 



10 content filtering or glCS type filtering and consist of 

any of various types of "programs , " Such as executable 
code, interpreted code, script languages, or other high 
level programs. Additionally, ma ny combinat ions of 
such filters are possible. Similarly, the present 

15' invention may be applied equally for various types of 

communications hardware such as ISDN or cable modems 
and utilize various types of distributed processing 
across a computer network, such as the Internet itself. 
Accordingly, it is not intended that the scope of the 

20 claims be limited to the description or illustrations 

set forth herein, but rather that the claims be con- 
strued as encompassing all features of patentable 
novelty that reside in the present invention, including 
all features that would be treated as equivalents by 

25 those skilled in the art. 
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What is claimed is: 

1 1. A content filtering system for filtering 

2 content retrieved, from an Internet computer network by 

3 individual controlled access network accounts, said 

4 filtering system comprising: 

5 a local client computer generating 

6 network access requests for said individual controlled 

7 access network accounts, said network access requests 

8 containing a destination address; 

9 at least one filtering scheme; 

10 a plurality of sets of filtering ele- 

11 ments; and 

12 a remote ISP server coupled to said 

13 client computer and said Internet computer network, 

14 said ISP server associating each said network account 

15 to at least one filtering scheme and at. least one set 

16 of filtering elements, said ISP server further receiv- 

17 ing said network access requests from said client 

18 computer and executing said associated filtering scheme 

19 utilizing said associated set of filtering elements. 

1 2. The content filtering system of claim 1 

2 further comprising privileged network accounts, said 

3 ISP server allowing said privileged network accounts to 

4 modify the set of filtering elements matched to said 

5 controlled access network accounts. 
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1 3. The content filtering system of claim 1 

2 further comprising a local server coupled to said local 

3 client through a local area network, said remote ISP 

4 server being coupled to said local server through a 

5 telephonic connection. 

1 4. The content filtering system of claim 1 

2 further comprising a second ISP server coupled to said 

3 remote ISP server, said matched set of filtering ele- 

4 ments being stored locally to said second ISP server. 

1 5. The content filtering system of claim 4, 

2 wherein said second ISP server is coupled to said 

3 remote ISP server through said Internet computer net- 

4 work . 

1 6. The content filtering system of claim 1, 

2 wherein said at least one filtering scheme monitors 

3 said destination address of said network access re- 

4 quest. 

1 7. The content filtering system of claim 6, 

2 wherein said at least one filtering scheme comprises an 

3 exclusive-list scheme and said plurality of sets of 
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4 filtering elements comprise lists of excluded Internet 

5 sites. 

1 8. The content filtering system of claim 6, 

2 wherein said at least one filtering scheme comprises an 

3 inc lusive-lis t scheme and said plurality of sets of 

4 filtering elements comprise lists of allowed Internet 

5 sites. 



9. The content filtering system of claim 6 
further comprising a master set of filtering elements 
comprising a list of excluded sites, said at least one 
filtering scheme comprising a hybrid exclusive- list 
inclusive- list scheme, said plurality of sets of 
filtering elements comprising lists of allowed sites, 
each controlled access network account being associated 
with at least one list of allowed sites. 



1 10. The content filtering system of claim 9, 

2 wherein said hybrid filtering scheme excludes Internet 

3 access requests to Internet sites listed on said master 

4 list of excluded sites unless said Internet site is 

5 listed on said associated list of allowed sites. 

1 11. The content filtering system of claim 9 

2 further comprising a plurality of lists of excluded 
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sites, each controlled access network account being 
associated with at least one list of said plurality of 
lists of excluded sites, said hybrid filtering scheme 
excluding Internet access requests to Internet sites on 
said master list of excluded sites or said associated 
list of excluded sites, unless said Internet site is 
listed on said associated list of allowed sites. 

12. The content filtering system of claim 1, 
wherein said at least one filtering scheme monitors the 
data being forwarded to said remote client computer. 

13. The content filtering system of claim 
11, wherein said at least one filtering scheme com- 
prises a word-parsing scheme and said plurality of sets 
of filtering elements comprise lists of excluded words, 
said word-parsing scheme monitoring the content of data 
packets being forwarded to the controlled access net- 
work account for occurrences of words on the list of 
excluded words associated with said controlled access 
network account 

14. A content filtering system for filtering 
content retrieved from an Internet computer network by 
individual con trol led ^acc ess network accounts , said 
system comprising: 
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a local client computer generating 
network access requests for said individual controlled 
access network accounts; 

at least one master site list; 

a plurality of first personal site 
lists, each controlled access network accounts being 
associated with at least one first personal site list; 
and 

a remote ISP server coupled to said 
client computer and said Internet computer network, 
said ISP server receiving and screening said network 
access requests based on said master site list and said 
associated first personal site list. 

15. The content filtering system of claim 14 
further comprising a plurality of second personal site 
lists, each controlled access network account being 
associated with at least one second personal site list, 
said ISP server screening said network access requests 
based on said master site list and said associated 
first personal site list and said associated second 
personal site list. 

16. The content filtering system of claim 
15, wherein said network access requests comprise a 
destination address field, said ISP server denying said 
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4 network access request if said network access request 

5 destination address is listed on said associated first 

6 personal site list, said ISP server further denying 

7 said network access request if said network access 

8 request destination address is listed on. said master 

9 site list and not on said associated second personal 
10 site list. 

1 17. The content filtering system of claim 14 

2 further comprising a second ISP server coupled to said 

3 remote ISP server, said plurality of first personal 

4 site lists and said plurality of second personal site . 

5 lists being stored locally to said second ISP server. 

1 18. An ISP server for filtering content for- 

2 warded to controlled access network accounts accessing 

3 an Internet computer network from a remote client 

4 computer, said remote client computer generating net- 

5 work access requests containing a destination address, 

6 said ISP server comprising: 

7 a plurality of sets of filtering ele- 

8 ments, each controlled access network account being 

9 associated with at least one set of said plurality of 

10 sets of filtering elements; and 

11 at least one filtering scheme associated 

12 with each controlled access network account, said 

23 



SUBSTITUTE SHEET (RULE 26) 

3/14/2006, EAST Version: '2.0.3.0 



WO 98/41913 



PO7US98/05316 



13 associated filtering scheme for determining whether to 

14 allow said network access request based on said at 

15 least one set of associated filtering elements. 

1 19. The ISP server of claim 18, wherein said 

2 at least one filtering scheme monitors said destination 

3 address of said network access requests. 

1 20. The ISP server of claim 18, wherein said 

2 at least one filtering scheme monitors the data being 

3 forwarded to said remote client computer. 

1 21. The ISP server of claim 20, wherein said 

2 at least one filtering scheme comprises a word-parsing 

3 scheme. 

1 22. An ISP server for filtering content for- 

2 warded to a controlled access account generating net- 

3 work access requests at a remote client computer, each 

4 network access request including a destination address 

5 field, said ISP server comprising: 

6 a master inclusive- list of allowed 

7 sites; 

8 a plurality of exclusive-lists of ex- 

9 , eluded sites, each controlled access account associated 
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with at least one of said plurality of exclusive- lists 
of excluded sites; and 

a filtering scheme, said filtering 
scheme allowing said network access request if said 
destination address exists on said master inclusive- 
list but not on said at least one associated exclusive- 
list. 

23. The ISP server of claim 22 further com- 
prising: 

a plurality of inclusive- lists of al- 
lowed sites, each controlled access user associated 
with at least one of said plurality of inclusive-lists 
of allowed sites, said filtering program further allow- 
ing said network access request if said requested 
destination address exists on said at least one associ- 
ated inclusive- list . 

24. A method for filtering content retrieved 
from an Internet computer network by a controlled 
access account, said method comprising the steps of: 

transmitting a network access request 
associated with said controlled access account from a 
local client computer; 

receiving said network access request at 
a remote ISP server; 
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9 associating said network access request 

10 w ith a set of filtering elements from a plurality of 

11 sets of filtering elements stored remotely from said 

12 local client ; 

13 executing a filtering scheme on said ISP 

14 server, said filtering scheme utilizing said associated 

15 set of filtering elements; and 

16 transmitting said network access request 

17 from said ISP server to said Internet computer network 

18 if said filtering scheme accepts said network access 

19 request and transmitting a rejection from said ISP 

20 server to said client computer if said filtering scheme 
denies said network access request. 

1 25. The method for filtering content re- 

2 trieved from an Internet computer network of claim 24 

3 further comprising the step of associating said network 

4 access request with a filtering scheme from a plurality 

5 of filtering schemes stored remotely form said local 
client . 

) 
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